Lake Health fires several employees over HIPAA violations

Lake Health announced several employees have been terminated for accessing a patient's information in violation of federal patient privacy laws.

The breach was discovered in September after a routine audit of electronic medical records showed a single patient's health information had been accessed by multiple employees without authorization, said Gary Robinson, vice president of government and community affairs for Lake Health.

"The employees who accessed the records were from a variety of different departments throughout the system," he said. "They were not specific to Lake West or TriPoint. It was a variety of departments, some caregivers and some nonclinical."

Records chosen for the regular audits are randomly selected, said Julieann Strogin, Lake Health's manager of advertising and media relations.

Advertisement

Strogin and Robinson said they could not give a specific number of employees due to employee confidentiality,and could only confirm that it had been several.

"We do not have any evidence that (the information) was shared publicly. However, from our standpoint, just the fact that the record was accessed inappropriately by individuals not involved in the patient's care that's enough for us to take the action we have taken," Robinson said. Lake Health has contacted the family of the patient involved.

In regards to the terminated employees, Robinson said Lake Health followed its policy when patient privacy is compromised. He also said Lake Health was not required to turn information over to legal authorities.

"HIPAA protects their clinical information and also pertains to any information we have on them, like medical history," Robinson said.

When the breach was discovered in September, Lake Health conducted an internal investigation and interviewed the employees who accessed the information.

"They did not provide any information that would suggest they needed to be on that medical record," Robinson said.

The incident in September follows another violation of HIPAA by a single employee earlier in the year. That person was also terminated. Following that incident Lake Health had all team members review the systems' HIPAA privacy policy, Robinson added.

Lake Health is again reviewing the policy with team members.

Team members are required to sign off each year as part of mandatory training and review of the HIPAA privacy policy, Strogin said.

"Patient privacy is the bedrock of what we do," Robinson said. "If patients don't feel comfortable giving us information, it compromises us giving them the best care. We take patient privacy extremely seriously and we won't tolerate a breach of a patient's privacy."